Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-60303

Authorize access by group membership using keycloak-plugin

    XMLWordPrintable

Details

    • New Feature
    • Resolution: Unresolved
    • Minor
    • keycloak-plugin
    • None
    • Jenkins version: 2.190.3
      Keycloak plugin version: 2.3.0

    Description

      We would like to login using AD group membership.  We've synced our groups in Keycloak and then added a mapper to the Jenkins client in Keycloak using the "Keycloak config" here

      Authorization fails unless user is added to Project Matrix permissions rather than group.  "<user>  is missing the Overall/Read permission".

      This plugin gives nowhere to add a "Token Claim Name" defined in our Keycloak mapper.  Am I right that this plugin lacks ability to login by virtue of group membership?  If so this is a feature request.

      http://<jenkins_url>/whoAmI/ doesn't show any group memberships, but not sure if it should.

      Attachments

        Activity

          People

            devlauer D. Lauer
            brendanh Brendan Holmes
            Votes:
            3 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated: